Most security professionals understand the importance of finding and eliminating application vulnerabilities. Yet, based on the rate of exploitation of vulnerable websites, it appears that web application protections have been neglected, because of underfunding or lack of focus. Making the argument for better application security isn't easy. Convincing management to spend on something as ethereal as security requires metrics and tools that demonstrate the efficiencies that secure web application management provides. This paper will provide tools and techniques that demonstrate the need for better application security and the appropriate level of investment.

Many businesses today, from small retail organizations to large enterprises, are struggling with Web application security. Many organizations do not fully understand the risks of Web application attacks and arcane references like "OWASP Top 10" simply confuse them even more. With the prevalence of Web application hacks in the news, the top questions asked by many are "How likely are we to be hacked?" and "What can we do to defend ourselves?"

The answers may differ to some extent depending on the organization answering the questions, but there are a number of fundamental best practices that have stood the test of time. Some of the defenses have changed, however, and many new attack vectors are emerging too.

In this paper, we will explore the history of Web application attacks and look at how they're evolving today.

WhiteHat Security's Website Security Statistics Report provides a one-of-a-kind perspective on the state of website security and the issues that organizations must address in order to conduct business online safely.

Website security is an ever-moving target. New website launches are common, new code is released constantly, new Web technologies are created and adopted every day; as a result, new attack techniques are frequently disclosed that can put every online business at risk. In order to stay protected, enterprises must receive timely information about how they can most efficiently defend their websites, gain visibility into the performance of their security programs, and learn how they compare with their industry peers. Obtaining these insights is crucial in order to stay ahead and truly improve enterprise website security.